[ZPatterns] LoginManager roles problem

Tim McLaughlin tim@iterationzero.com
Thu, 11 Oct 2001 07:55:26 -0400


Joachim,
You know, it is funny but that is basically the same design pattern that
I use quite a lot also.  Anyway, that was the exact problem that my
hacks fixed.  I'm gonna go ahead and send you mine, and see what you get
out of it.  Also, what version of Zope and ZPatterns are you using?

Tim

Joachim Schmitz wrote:
> 
> Tim,
> 
> thanks for your thinking investment ;-).
> 
> No, index_html is a dtml-method, but there is only one index_html for the
> whole site. But I just see that my drawing in the first mail is wrong:
> 
> it actually looks like this:
> 
> root:
>   acl_users (standard)
>   mysitefolder: viewable by Anonymous
>     index_html
>     acl_users (login-manager with a customized login form)
>     otherfolder: viewable only by Authenticated
>        testfolder
>           content dtml method
> 
> where index_html looks like this:
> 
> <dtml-var standart_html_header>
> <dtml-var init>
> ...
> <dtml-var content>
> ...
> <dtml-var standart_html_footer>
> 
> the calling URL looks like /mysitefolder/otherfolder/testfolder
> 
> since there is no index_html in testfolder, the one-and-only index_html is
> called, which calls the content method. So the index_html is the parent.
> 
> On Thu, 11 Oct 2001, Tim McLaughlin wrote:
> 
> > Joachim,
> > It looks like you got it out.  And I'm not sure what the prob is now.
> > My similar probs were eliminated by doing this, but I'm not sure what
> > the cause of yours might be.  I'm definitely not a guru when it comes to
> > ZP and LM, I just know enough to make it work ;)
> >
> > But regarding your thoughts of where it is.  I don't think that specific
> > bit is the problem because index_html is not actually the parent (I'm
> > assuming it's a DTML Method or DTML Doc).  It is a method or object of
> > the parent and therefore wouldn't be checked.  You know what, maybe I'm
> > assuming too much.  Is index_html a folder?  For me that would be a
> > bizarrely new way to organize it (and I'm not sure why you would do it).
> >
> 
> > Cheers,
> > Tim
> >
> > Joachim Schmitz wrote:
> > >
> > > Tim,
> > >
> > > I think I removed it by changing:
> > >
> > > class BetterSimpleUser(BetterLocalRolesMixin, SimpleUser):
> > > to:
> > > class BetterSimpleUser(SimpleUser):
> > >
> > > in LoginManager.py
> > >
> > > and
> > > class LoginUser(DataSkin, BetterLocalRolesMixin, BasicUser, Item):
> > > to:
> > > class LoginUser(DataSkin, BasicUser, Item):
> > >
> > > in UserSources.py
> > >
> > > but that didn't help.
> > >
> > > I think it's caused by the following line in the validate function of
> > > LoginManager:
> > >
> > >         if user is not None:
> > >             # We got a user, check him out
> > >             user=getattr(user,'aq_base',user).__of__(self)
> > >             if user.allowed(parent, roles): return user
> > >
> > > cause the parent is the index_html, but changing that to:
> > >             for p in parents:
> > >                 if not user.allowed(p, roles):
> > >                     break
> > >                 return user
> > >
> > > did also not help.
> > >
> > > On Wed, 10 Oct 2001, Tim McLaughlin wrote:
> > >
> > > > Joachim,
> > > > This can be fixed by eliminating the BetterLocalRolesMixin and
> > > > BetterSimpleUser from LoginManager.py and UserSources.py.  I can send
> > > > you my *hacked* copy if you want.
> > > >
> > > > Cheers,
> > > > Tim
> > > >
> > > > Joachim Schmitz wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > my site structure is like this:
> > > > >
> > > > > root:
> > > > >  acl_users (standard)
> > > > >  mysitefolder: viewable by Anonymous
> > > > >    index_html
> > > > >     acl_users (login-manager with a customized login form)
> > > > >     otherfolder: viewable only by Authenticated
> > > > >       test dtml document
> > > > >
> > > > > When I now call the /mysite/otherfolder/test
> > > > >
> > > > > not my customized loginform pops up, but the standard httpauthorization from
> > > > > the root acl_users folder.
> > > > > When I cancel the authentication box, I get that Anonymous User has no
> > > > > access to the "test" document, which is contained in otherfolder
> > > > >
> > > > > When I copy the index_html into the otherfolder, it works correctly.
> > > > >
> > > > > Apparently LoginManager checks for the permissions in the parent, which is
> > > > > index_html. Is this a bug or a feature ?
> > > > >
> > > > > Kind regards
> > > > >
> > > > > Joachim Schmitz
> > > >
> > > > --
> > > > Tim McLaughlin
> > > > iterationZERO - www.iterationzero.com
> > > > 703.481.2233
> > > >
> > > >
> > >
> > > Kind regards
> > >
> > > Joachim Schmitz
> > >
> > > AixtraWare, Ing. Büro für Internetanwendungen
> > > Hüsgenstr. 33a, D-52457 Aldenhoven
> > > Phone: +49-2464-8851, FAX: +49-2464-905163
> > >
> > > _______________________________________________
> > > ZPatterns mailing list
> > > ZPatterns@eby-sarna.com
> > > http://www.eby-sarna.com/mailman/listinfo/zpatterns
> >
> > --
> > Tim McLaughlin
> > iterationZERO - www.iterationzero.com
> > 703.481.2233
> >
> >
> 
> Kind regards
> 
> Joachim Schmitz
> 
> AixtraWare, Ing. Büro für Internetanwendungen
> Hüsgenstr. 33a, D-52457 Aldenhoven
> Phone: +49-2464-8851, FAX: +49-2464-905163

-- 
Tim McLaughlin
iterationZERO - www.iterationzero.com
703.481.2233
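
The parent-checking loop quoted in the thread, as an added example that is not part of the original mails or of LoginManager: with `return user` indented inside the `for` body, only the first entry of `parents` is ever consulted. The `Obj` and `User` classes, the simplified `allowed()` (global roles plus local roles on that one object) and the folder data are hypothetical stand-ins constructed for illustration; a variant that consults every parent is shown beside the quoted loop.

```python
class Obj:
    """Constructed stand-in for a folder; local_roles maps user name -> roles."""
    def __init__(self, name, local_roles=None):
        self.name = name
        self.local_roles = local_roles or {}

class User:
    """Constructed stand-in for a user object with an allowed() method."""
    def __init__(self, name, roles):
        self.name = name
        self.roles = set(roles)

    def allowed(self, obj, roles):
        # Simplified assumption: global roles plus local roles on obj itself.
        here = self.roles | set(obj.local_roles.get(self.name, ()))
        return bool(here & set(roles))

def validate_as_quoted(user, parents, roles):
    # Same indentation as the loop in the quoted mail: the return is reached
    # on the first iteration, so parents[1:] are never checked.
    for p in parents:
        if not user.allowed(p, roles):
            break
        return user
    return None

def validate_all_parents(user, parents, roles):
    # Return the user only when every parent in the chain allows access.
    if not parents:
        return None  # nothing to check against: deny
    for p in parents:
        if not user.allowed(p, roles):
            return None
    return user

# Constructed sample data: joe holds Manager only as a local role on testfolder.
testfolder = Obj("testfolder", {"joe": ["Manager"]})
otherfolder = Obj("otherfolder")
mysitefolder = Obj("mysitefolder")
PARENTS = [testfolder, otherfolder, mysitefolder]  # innermost first
ROLES = ["Manager"]
joe = User("joe", [])
admin = User("admin", ["Manager"])

if __name__ == "__main__":
    for fn in (validate_as_quoted, validate_all_parents):
        result = fn(joe, PARENTS, ROLES)
        print(fn.__name__, "->", result.name if result else None)
```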